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SECURE MEMORY AND PROCESSING SYSTEM HAVING LASER- 
SCRIBED ENCRYPTION KEY 

Field of the Invention 

5 

This invention relates in general to the field of 
secure processing systems and in particular to 
processing systems with secure memory. The present 
invention also relates to wireless communication 
10 devices. 

Background of the Invention 

Security is becoming a critical feature in 

15 processor and communication system designs today. It 
is becoming more important to be able to store non- 
volatile sensitive information within a product and 
protect this information from disclosure and/or 
modification. It is preferable to store this sensitive 

20 information where no external access to this data is 
possible. Unfortunately, it is difficult to combine 
technologies to accomplish this. For example, flash 
memory, EE PROM and fast logic devices are not easily 
manufactured on the same die due to incompatible 

25 process requirements or high cost. 

Many portable communication devices provide 
connectivity to networks such as the internet. This 
connectivity may permit a user to purchase items over 
the internet using their portable communication device, 

3 0 but because many of these devices are relatively small 
and have very limited man-Machine interfaces, it is 
difficult to enter credit card information or other 
authenticating information using these portable 
communication devices. In addition, the Internet 

35 providers desire to make the purchasing of products on- 
line as simple and as pleasurable as possible. 



-1- 



GE04592 



Thus, what is needed are a system and method where 
credit card and authentication information is pre- 
loaded onto a portable communication device so that it 
may be easily available for on-line transactions. What 
5 is also needed are a method and system that securely 
stores user authentication information and other 
sensitive information so that it cannot be easily 
extracted from the portable communication device, 
copied to another device, or modified. 

10 What is also needed are a processing system and 

secure memory device that stores sensitive information 
in a way that it is not easily accessible. What is 
also needed is a method for storing and using sensitive 
information within processing systems and communication 

15 devices. What is also needed is a method for 

communicating sensitive information over a non-secure 
channel such as the internet. 
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Brief Description of the Drawings 

FIG. 1 is a simplified block diagram of a 
communication device with a secure processing system in 
5 accordance with the preferred embodiments of the 
present invention; 

FIG. 2 is a simplified procedure for loading 
sensitive information in accordance with the preferred 
embodiments of the present invention; and 
10 FIG. 3 is a simplified procedure for using 

sensitive information in accordance with the preferred 
embodiments of the present invention. 

Detailed Description of the Drawings 

15 

The present invention provides, among other 
things, a secure processing system for use in various 
types of communication devices. The secure processing 
system includes a host processor and a secure memory 

20 which provides for the storage of sensitive data in 
encrypted form in a storage medium external to the 
secure processing system. When needed by the host 
processor, the encrypted data is decrypted with 
encryption logic circuitry within the secure memory and 

25 transferred to a zeroizable memory for use by the host 
processor. The secure memory uses a laser-scribed 
encryption key coupled to encryption logic circuitry 
within the secure memory for encrypting and decrypting 
sensitive information. The laser-scribed encryption 

30 key is desirably unique to each device. In accordance 
with the present invention, the laser-scribed 
encryption key is generated by laser-scribing a 
semiconductor die during fabrication. The present 
invention includes other methods of generating the 

35 laser-scribed encryption key including, for example, 
burning on-time programmable fuses on a die. 
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The laser-scribed encryption key provides a master 
key used to protect sensitive data that is stored in a 
user's product. For example, such sensitive user data 
may include a user's social security number, credit 
5 card number, social security service keys or an ID used 
for secure digital initiatives, such as digital rights 
management. Sensitive data may also include 
application source code such as game software. 
Preferably only certain applications within the system 

10 will need to access this sensitive information. 

FIG. 1 is a simplified block diagram of a 
communication device with a secure processing system in 
accordance with the preferred embodiments of the 
present invention. Communication device 10 is 

15 comprised of a secure processing system 14 having an 
associated external memory 12 and other communication 
components 13. Device 10 may, for example, be a 
wireless communication device, such as a cellular or 
wireless phone, or a wireline communication device such 

20 as a computer, or a portion thereof. Communication 
components 13 provide for the functionality not 
described in detail in FIG. 1 for either a wireless or 
wireline communication device, and for either 
communicating voice, data or video. Secure processing 

25 system 14 is comprised of a host processor 16, secure 
memory 20, bus 18 coupling the host processor and the 
secure memory and on-chip system components 15. In 
accordance with the preferred embodiment of the present 
invention, host processor 16, on-chip system components 

3 0 15 and secure memory 20 are fabricated on a single 

integrated circuit chip and is preferably separate from 
external memory 12 and other communication components 
13. Host processor 16 may be one or more processing 
elements and is preferably the main controller for 

35 secure processing system 14. Preferably, processor 16 
is a digital signal processor (DSP) or a micro- 
controller. On-chip system components 15 comprise 
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other system processors, memory and other functional 
elements that are part of communication device 10 to 
allow for wireless or wireline communication of video, 
data and/or voice. 
5 Secure memory 20 is coupled to the host processor 

16 by data bus 18 and comprises a plurality of blocking 
gates 22 that are coupled to data bus 18. Secure 
memory 20 also includes laser-scribed encryption key 21 
coupled to blocking gates 22. Secure memory also 

10 comprises encryption logic circuitry 23 and zeroizable 
memory 24. Encryption logic circuitry 23 preferably 
implements a symmetric encryption algorithm using 
laser-scribed encryption key 21. Zeroizable memory 24 
is preferably a random access memory (RAM) having 

15 zeroizing input 28. Zeroizable memory 24 may be 

coupled to either to encryption logic circuitry 23 or 
data bus 18. The contents of zeroizable memory 24 are 
erased, for example by causing the contents to be set 
to a fixed value such as zero or another predetermined 

20 value when a zeroized signal is received at zeroizing 
input 28. System monitor 25, for example, sends the 
zeroizing signal to zeroizable memory 24 upon the 
occurrence of any one of several predetermined 
conditions. Such conditions may include, for example, 

25 a detection of inappropriate access to the secure 

information in zeroizable memory 24 or the completion 
of an operation where the secure data in the zeroizable 
RAM is no longer needed. Furthermore, the zeroized 
signal preferably causes the encryption algorithm 

30 embedded within an encryption logic circuitry 23 to be 
reset and further causes blocking gates 22 to prevent 
access to laser-scribed encryption key 21 by encryption 
logic circuitry 23 and zeroizable memory 24. 

In accordance with the preferred embodiment of the 

35 present invention, the blocking gates 22 are comprised 
of logic "AND" gates which, when activated by a 
blocking control signal, prevent access to (e.g., 
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block) laser-scribed encryption key 21. In alternative 
embodiment, blocking gates 22 are comprised of logic 
"OR" gates. In one embodiment of the present invention 
the blocking control signal is coupled to the zeroized 
5 signal which blocks laser-scribed encryption key 21 and 
zero's zeroizable memory 24 when secure processing 
system 14 operates in a non-secure mode. 

Laser-scribed encryption key 21 is a randomly 
generated sequence of "ones" and "zeros" suitable for 

10 an encryption key. The sequence is laser-scribed 

during fabrication of a semiconductor die to create a 
plurality of fixed "ones" and "zeros" which make up the 
ones and zeros of the encryption key. It is preferred 
that the laser-scribed encryption key be randomly 

15 generated and unique for each secure memory 20 so that 
the data encrypted by any particular secure memory can 
only be decrypted by that particular secure memory. In 
one preferred embodiment, laser-scribed encryption key 
need not be randomly generated as long as it's value is 

20 guaranteed unique. Typically, laser-scribed encryption 
key is 168 bits for the triple DES encryption algorithm 
and 128 bits for some other encryption algorithms, 
although other key lengths are equally suitable 
depending on the amount of security desired. In 

25 alternative embodiments of the present invention, 

laser-scribed encryption key 21 is comprised of a one- 
time programmable flash memory element, or 
alternatively non-volatile memory such as ROM, EEPROM, 
MRAM (Magnetoresistive RAM) , battery backed RAM or 

30 DRAM, or other fast logic elements. 

Secure memory 20 includes self-test element 26 for 
performing self test operations within secure memory 20 
and processing system 14 to help ensure proper 
operation thereof and help prevent fault-based attempts 

35 to access secure memory 20. Secure memory 20 may also 
includes debug detector 27 with debug port 29. Debug 
detector, among other things, functions to disable 



GE04592 



secure memory 20 when for example software debug 
capability is being utilized. 

Secure memory 20 includes system monitor 25 
functions to help ensure the proper operation of secure 
5 memory 20. For example, improper attempts to access 
laser-scribed encryption key 21 or memory 24 are 
detected by the system monitor 25. Preferably, system 
monitor 25 monitors the sequence of events at power-up 
and when a power-up test is not completed successfully, 

10 system monitor 25 desirably prevents access to the 
secure memory components. In addition, system 
monitor 25 monitors activity on system debug port 29. 
Attempts to enable the debug capability of the system 
are detected by the system monitor 25. When system 

15 monitor 25 detects an unauthorized condition, blocking 
gates 22 are enabled to disable access to encryption 
logic circuitry 23 and zeroizable memory 24 and prevent 
the encryption logic circuitry 23 from accessing laser- 
scribed encryption key 21. In addition, system monitor 

20 25 provides an assertion signal on zeroizing input 28 
to zeroizable memory 24 to erase any information that 
has been stored therein. 

In accordance with the preferred embodiment of the 
present invention, secure memory 20 is tested by self- 

25 test element 26 when secure processing system 14 is 
powered up. These tests, among other things, verify 
the proper operation of encryption logic circuitry 23, 
zeroizable memory 24, zeroizing input 28, and blocking 
gates 22. In addition, the ability of system monitor 

30 25 to disable access to the secure memory is preferably 
also verified by self-test element 2 6 when secure 
processing system 14 is powered up. If any test fails, 
secure memory 20 is disabled. 

In accordance with one embodiment of the present 

35 invention, communication device 10 contemplates having 
secret keys stored in non-secure external memory 12 in 
encrypted form, each secret key having been encrypted 
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with laser-scribed encryption key 21 using secure 
processing system 14. When needed, communication 
device decrypts one of the secret keys with encryption 
logic circuitry 23 using laser-scribed encryption key 
5 21, and stores the decrypted secret key in zeroizable 
memory 24. The decrypted secret key may be used by 
host processor 16 in any number of ways, including, for 
communications with other communication devices. 

In one embodiment of the present invention, the 

10 decrypted secret key may be the user's private key 

which is part of a public/private key pair. In this 
embodiment for example, the user's private key may be 
used for authentication of digital signatures as well 
as decryption of data. 

15 In another embodiment of the present invention, 

the secret key may be secret information used to 
generate a common session key with another 
communication device. The secret key may also be the 
common session key used to subsequently communicate 

20 secured information. In any of these embodiments of 
the present invention, secure data or secure voice or 
video may be communicated either over wireless or 
wireline networks. Communication components 13 and 
other on-chip system components 15 are suitably 

25 configured by those of ordinary skill in the art. 

Communication components 13, may include, for example, 
vocoders, transceivers, amplifiers, processors, etc. 

It should be noted that, although various 
embodiments are disclosed herein, the present invention 

30 is equally suitable for the safeguarding and use of any 
sensitive information. Other embodiments are described 
below. 

In another preferred embodiment, the present 
invention provides for a method of purchasing items 
35 over a non-secure communication link, such as the 
internet, for example using a secure communication 
device such as communication device 10 of FIG. 1. 
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In accordance with this embodiment of the present 
invention, a secure memory embedded in the Host 
processor is used to secure the user's sensitive 
information. The user of the portable communication 
5 device enter sensitive information such as a credit 

card numbers and other authentication information into 
the device. This can be done prior to any use of this 
information and may be performed using the device's 
keypad and display or it may involve downloading 
10 information from a computer, a network or wireless 
link. 

Once the host processor is loaded with this 
sensitive information, the host processor uses the 
secure memory to encrypt the sensitive information 

15 using the laser-scribed encryption key. After 

encryption, the encrypted sensitive information is 
stored in a non-secure memory. The encrypted sensitive 
information does not need to be protected because this 
information can only be decrypted and used by the 

20 secure memory containing the laser-scribed encryption 
key that originally encrypted it. 

The communication device may also be loaded with a 
digital certificate or public key used to establish a 
secure communication session with an internet vendor. 

25 Like the users of credit card information, the digital 
certificate may be encrypted by the secure memory using 
the laser-scribed encryption key and stored in non- 
secure memory. 

In one embodiment of the present invention, an 

3 0 additional step for loading the communication device is 
to establish a personal identification number (PIN) for 
use in accessing control to the device. As with the 
credit card information, the PIN is loaded into the 
device, encrypted by the secure memory using the laser- 

35 scribed encryption key and stored in non-secure memory. 
In an alternate embodiment of the present 
invention, an additional step for loading the 
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communication device is to establish biometric 
information for use in accessing control to the device. 
As with the credit card information, the user's 
biometric information is loaded into the device, 
5 encrypted by the secure memory using the laser-scribed 
encryption key and stored in non-secure memory. In 
accordance with this alternative embodiment, the 
communication device preferably comprises components 
for receiving the user's biometric data. Examples of 

10 these biometric reception components include retinal 

scan components, fingerprint reading components, voice 
print identification components, and speaker 
identification and verification components. 

In order to complete a transaction the user either 

15 enter the PIN, or provided biometric data to the 

biometric reception circuitry. This step, for example, 
helps protect the communication device from misuse in 
the event that the device is lost or stolen. Once the 
PIN is entered or the biometric data is received, the 

20 encrypted PIN or biometric data is retrieved from non- 
secure memory and decrypted by the secure memory using 
the laser-scribed encryption key. The decrypted PIN or 
biometric data is compared to the entered PIN or 
received biometric data and the transaction continues 

25 where the information matches. 

The communication device then sends the encrypted 
certificate to the secure memory where it is decrypted 
using the laser-scribed encryption key. The host 
processor uses this certificate to establish a secure 

30 session with, for example, an internet vendor. Secure 
Socket Layer (SSL) , for example, is a standard 
technique used in the internet community to establish 
such a session. 

Once the secure session is established, the host 

35 processor sends the encrypted credit card and 

authentication information to the secure memory where 
it is decrypted using the laser-scribed encryption key. 
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After decryption the host processor sends the decrypted 
sensitive information to a recipient such as an 
internet vendor through the secure session previously 
established. 

5 One of the advantages of the present invention is 

that the sensitive information is never accessible 
outside of the host processor and the Secure Memory 
after it is originally loaded. In the preferred 
embodiment of the present invention, the secure memory 

10 and the host processor are on the same chip. In this 
case the sensitive information is never available 
outside of this chip, thus protecting the information 
from any external attempt to intercept it. 

Another advantage of the present invention is that 

15 the user action during the purchase session is 

primarily only the entering of the PIN or providing the 
biometric information. The other steps for the secure 
transaction are automatic and occur without the 
knowledge or direction of the user. 

20 Accordingly, user interaction is simplified during 

an internet purchase and the information required for 
on-line transactions is stored in a secure manner for 
multiple purchase sessions. 

In accordance with other embodiments of the 

25 present invention, the present invention provides a 

method for transferring sensitive data over non-secure 
communication channels using the secure communication 
device of the present invention. The secure 
communication device includes a host processor, a 

30 secure memory that includes the laser-scribed 

encryption key, a non-secure memory for storing 
sensitive data in encrypted form; the sensitive data 
being previously encrypted with the laser-scribed 
encryption key. 

35 FIG. 2 is a simplified procedure for loading 

sensitive information in accordance with the preferred 
embodiments of the present invention. Processing 
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system 14 (FIG. 1), for example, is suitable for 
performing procedure 200, although other processing 
systems may be suitable. 

Sensitive data or sensitive information is loaded 
5 into the processing system or device in step 202. This 
information may be loaded directly through a keypad or 
another external interface. The keypad may be an 
attached keypad and be a part of communication 
components 13 (FIG. 1) . The information may also be 

10 loaded over a communication link, for example, via the 
communication components 13 (FIG. 1) . In one 
embodiment, the information is loaded in a plain text 
form while another embodiment, the information is 
loaded in encrypted form and host processor 16 (FIG. 

15 1) , for example, may first decrypt the information 
prior to re-encrypting using secure memory 20 and 
storing it in external memory 12. 

Once the sensitive information is loaded, the 
blocking gates, such as blocking gates 22 (FIG. 1) are 

20 disabled in step 204. Disabling the blocking gates 
permits the host processor to access the encryption 
logic circuitry and the zeroizable memory within the 
secure memory. Disabling the blocking gates also 
enables the encryption logic circuitry to aGcess the 

25 laser-scribed encryption key 21 (FIG. 1) . The host 
processor preferably never has direct access to the 
laser-scribed encryption key, even, for example, when 
the blocking gates are disabled. 

In step 206, the host processor sends the 

3 0 sensitive information through the encryption logic. In 
this step, the sensitive information is encrypted with 
the laser-scribed encryption key by encryption logic 
circuitry and stored in a memory internal to the secure 
memory device, and preferably stored in a zeroizable 

35 RAM. The sensitive information is now encrypted with a 
key that is preferably only known by the secure memory 
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and this key can not be readily extracted from the 
secure memory. 

In step 208, the host processor reads the 
encrypted sensitive information from the zeroizable 
memory and stores this information in a memory that is 
preferably external to the secure memory such as 
external memory 12 (FIG. 1) . Physical protection of 
the external memory may not be necessary because the 
encrypted version of the sensitive information is 
stored in the external memory while the key to decrypt 
the sensitive information (i.e., the laser scribed 
encryption key) is kept within the secure memory. 

In step 210, the host processor enables the 
blocking gates to disable access to the encryption 
logic circuitry and the zeroizable memory and prevent 
the encryption logic from accessing the laser scribed 
encryption key. In step 214, a zeroize input signal, 
such as zeroizing input 28 (FIG. 1) is provided to the 
zeroizable memory to erase any information that was 
temporarily stored in the zeroizable memory. 

FIG. 3 is a simplified procedure for using 
sensitive information in accordance with the preferred 
embodiments of the present invention. This 
information, for example, may have been loaded in 
procedure 200 (FIG. 2). Processing system 14 (FIG. 1) , 
for example, is suitable for performing procedure 300, 
although other processing systems may be suitable. 
Procedure 300 is executed when the host processor 
requires use the sensitive information that is stored 
in encrypted form. 

In step 302, the blocking gates are disabled to 
allow the host processor to access the secure memory. 
Disabling the blocking gates permits the host processor 
to access the encryption logic circuitry and the 
zeroizable RAM within, for example, secure memory 20 
(FIG. 1) . It also enables the encryption logic 
circuitry access to the laser-scribed encryption key. 
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The host processor desirably never has direct access to 
the laser-scribed encryption key, even when the 
blocking gates are disabled. 

Once access to the secure memory is enabled, in 
5 step 304 the host processor reads the encrypted 
sensitive information , for example from external 
memory 12 (FIG. 1) and writes this information to the 
encryption logic circuitry. In step 306, the 
encryption logic circuitry decrypts the encrypted 

10 sensitive information using the laser-scribed 

encryption key. In step 308, the decrypted sensitive 
information is stored within the secure memory, 
preferably in zeroizable memory 24 (FIG. 1) . 

In step 310, the host processor uses the sensitive 

15 information for whatever purpose the information is 

needed for. The sensitive information remains in the 
zeroizable memory until the host processor causes the 
information to be erased. Also, an external event, may 
also cause the information to be erased. Erasing the 

20 information in the zeroizable memory is accomplished, 
for example, by the assertion of the zeroize input 
(e.g. input 28 FIG. 1) of the zeroizable memory. 
Examples of external events which cause erasure of the 
zeroizable memory include the systems detection of 

25 tampering or detection of an unauthorized condition, 
for example by system monitor 25 (FIG. 1) or debug 
detector 27 (FIG. 1) . The host processor may access 
the sensitive information as often as needed while the 
information remains in zeroizable memory. 

3 0 In step 312, the sensitive information that is 

temporarily stored in the zeroizable memory is erased. 
This is accomplished by the hose processor overwriting 
the information stored in the secure memory or by 
activating or asserting a zeroize input to the 

35 zeroizable memory. In accordance with this embodiment 
of the present invention, there is no need to re- 
encrypt the sensitive information or store this 
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information back into external memory because 
preferably, the original encrypted sensitive 
information is not removed from external memory and is 
still contained within the external memory to be used 
next time the host processor requires access to the 
sensitive information. 

When the host processor no longer desires access 
to the sensitive information in the zeroizable memory, 
in step 314 the host processor enables the blocking 
gates to disable access to the encryption logic 
circuitry and the zeroizable memory, and prevents the 
encryption logic circuitry from accessing the laser 
scribed encryption key. 

Thus, a secure memory and secure processing system 
for use in various types of communication devices has 
been described which overcomes specific problems and 
accomplishes certain advantages relative to prior art 
methods and mechanisms. The improvements over known 
technology are significant. 

The foregoing description of the specific 
embodiments will so fully reveal the general nature of 
the invention that others can, by applying current 
knowledge, readily modify and/or adapt for various 
applications such specific embodiments without 
departing from the generic concept, and therefore such 
adaptations and modifications should and are intended 
to be comprehended within the meaning and range of 
equivalents of the disclosed embodiments. 

It is to be understood that the phraseology or 
terminology employed herein is for the purpose of 
description and not of limitation. Accordingly, the 
invention is intended to embrace all such alternatives, 
modifications, equivalents and variations as fall 
within the spirit and broad scope of the appended 
claims . 
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CLAIMS 

What is claimed is: 

1. A secure processing system for a communication 
device comprising: 

a host processor; and 

a secure memory coupled to the host processor by a 
data bus, wherein the secure memory comprises: 

a laser-scribed encryption key; 

encryption logic circuitry for implementing a 
symmetric encryption algorithm using the laser-scribed 
encryption key; 

a plurality of blocking gates coupling the 
encryption logic circuitry with the laser-scribed 
encryption key; and 

a memory, 

wherein sensitive data is encrypted by the 
encryption logic circuitry using the laser-scribed 
encryption key and stored as encrypted data in a data 
storage medium, and 

wherein the encrypted data is decrypted by the 
encryption logic circuitry with the laser-scribed 
encryption key and transferred to the memory for use by 
the host processor. 

2. The processing system as claimed in claim 1 
wherein the memory is a zeroizable memory having a 
zeroizing input that causes the contents of the memory 
to be erased when a zeroize signal is received on the 
zeroizing input, and 

wherein said zeroize signal is sent to the 
zeroizable memory by a system monitor upon the 
occurrence of one of a plurality of predetermined 
conditions . 
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3. The processing system as claimed in claim 1 
wherein the host processor and secure memory are 
fabricated on an integrated circuit chip, and the 
encrypted data is stored in a non-volatile memory. 

5 

4. The processing system as claimed in claim 3 
wherein the non-volatile memory includes a portion 
internal to the integrated circuit chip and a portion 
external to the integrated circuit chip, and wherein 

10 the encrypted data is stored on the portion internal to 
the integrated circuit chip when the portion internal 
is available. 

5. The processing system as claimed in claim 1 
15 wherein the blocking gates are comprised of logic 

gates and have a blocking control signal input 
preventing access to the laser-scribed encryption key 
by the encryption logic circuitry. 

20 6. The processing system as claimed in claim 1 

wherein the laser-scribed encryption key is stored in a 
one-time programmable memory element. 

7. The processing system as claimed in claim 1 
25 wherein the laser-scribed encryption key is stored in 
non-volatile memory selected from one of the group 
consisting of ROM, EE PROM, MRAM (Magnetoresistive RAM) , 
battery backed RAM or DRAM and fast logic. 

30 
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8. The processing system as claimed in claim 1 
wherein the laser-scribed encryption key is generated 
by laser-scribing a semiconductor die during 
fabrication of the secure memory to create a plurality 

5 of fixed "ones" and "zeroes" which make up the laser- 
scribed encryption key, and 

wherein the laser-scribed encryption key has a 
value that is randomly generated and is unique for each 
secure memory of a plurality of secure memories of 
10 different processing systems. 

9. The processing system as claimed in claim 1 
wherein the laser-scribed encryption key is generated 
by burning one-time programmable fuses on a 

15 semiconductor die to create a plurality of fixed "ones" 
and "zeroes" which make up the laser-scribed encryption 
key, and 

wherein the laser-scribed encryption key has a 
value that is randomly generated and is unique for each 
20 secure memory of a plurality of secure memories of 
different processing systems. 



10. The processing system as claimed in claim 1 
wherein the symmetric encryption algorithm is a block 

25 cipher encryption algorithm. 

11. The processing system as claimed in claim 1 
wherein the host processor is coupled to an external 
memory having a secret key stored therein in encrypted 

30 form, the secret key being encrypted with the laser- 
scribed encryption key, and said secret key being used 
for secure communication between the communication 
device and other communication devices. 
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12. A secure communication device comprising: 
a host processor; 

a secure memory coupled to the host processor by a 
data bus, the secure memory including a laser-scribed 
encryption key; and 

a non-secure memory coupled to host processor for 
storing encrypted data, 

wherein sensitive data is encrypted within the 
secure memory using the laser-scribed encryption key 
and stored as encrypted data in the non-secure memory, 
and 

wherein the encrypted data is decrypted within the 
secure memory using the laser-scribed encryption key 
and stored within the secure memory for use by the host 
processor. 

13. The communication device as claimed in claim 
12 wherein the non-secure memory has a secret key 
stored therein in encrypted form, the secret key being 
encrypted with the laser-scribed encryption key, and 
said secret key being used for secure communication 
between the communication device and other 
communication devices. 

14. The communication device as claimed in claim 
12 wherein the communication device is a data 
communication device, and wherein the secret key is a 
private key unique to a user of the communication 
device and is part of a public-private key pair, the 
private key being used for decrypting data sent to said 
user, and wherein prior to using said secret key, said 
secret key being decrypted by encryption logic of the 
secure memory using the laser-scribed encryption key 
and stored in unencrypted form in a zeroizable memory. 
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15. The communication device as claimed in claim 
14 wherein the data communication device is adapted for 
transmitting data to another communication device, and 
wherein the secret key is further used to generate a 

5 digital signature associated with said data, said 
digital signature being transmitted along with said 
data . 

16. The communication device as claimed in claim 
10 12 wherein the communication device is a wireless 

communication device for communicating secured voice, 
and wherein the secret key is used for generating a 
common session key for communicating with another 
communication device, 
15 and wherein prior to using said secret key, said 

secret key being decrypted by encryption logic of the 
secure memory using the laser-scribed encryption key 
and stored in unencrypted form in zeroizable memory. 

20 17. The communication device as claimed in claim 

12 wherein the secret key is one of a plurality of 
secret encryption keys stored in encrypted form in the 
non-secure memory, the plurality of secret keys being 
encrypted with the laser-scribed encryption key, and 

25 wherein one of the secret keys of the plurality is 

selected for secure communication between the 
communication device and other communication device, 
and wherein a zeroizable memory is cleared after 
communication with the other communication device, and 

30 wherein prior to using said selected secret key, 

said selected secret key is decrypted by the encryption 
logic using the laser-scribed encryption key and stored 
in unencrypted form in the zeroizable memory. 
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18. The communication device as claimed in claim 
12 wherein the secure memory further comprises: 

a plurality of blocking gates coupled to the 
laser-scribed encryption key; 
5 encryption logic circuitry for implementing a 

symmetric encryption algorithm using the laser-scribed 
encryption key and coupled to the blocking gates; and 

a zeroizable memory coupled to the encryption 
logic circuitry, 
10 wherein sensitive data is encrypted by the 

encryption logic circuitry using the laser-scribed 
encryption key and stored as encrypted data in the non- 
secure memory, and 

wherein the encrypted data is decrypted by the 
15 encryption logic circuitry with the laser-scribed 

encryption key and transferred to the zeroizable memory 
for use by the host processor. 
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19. A method of using secure information 
utilizing a secure communication device, the secure 
communication device comprising a host processor, a 
secure memory coupled to the host processor by a data 

5 bus, and a non-secure memory coupled to host processor 
for storing encrypted data, wherein the secure memory 
includes a laser-scribed encryption key stored therein, 
the method comprising the steps of: 

encrypting sensitive data within the secure memory 
10 using the laser-scribed encryption key; 

storing the encrypted sensitive data in the non- 
secure memory; 

decrypting the encrypted sensitive data within the 
secure memory using the laser-scribed encryption key; 
15 and 

storing the decrypted sensitive data within the 
secure memory for use by the host processor. 

20. The method as claimed in claim 19 wherein the 
20 secure memory includes blocking gates coupled between 

encryption logic circuitry and the laser-scribed 
encryption key, and a zeroizable memory coupled to the 
encryption logic circuitry, and wherein the storing 
step comprises storing the decrypted sensitive data 

25 within the zeroizable memory, and wherein the method 
further comprises the steps of: 

disabling the blocking gates during the encrypting 
and decrypting steps; and 

zeroizing the zeroizable memory after the host 

30 processor is through using the decrypted sensitive data 
stored in the zeroizable memory. 
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21. The method as claimed in claim 2 0 further 
comprising the step of enabling the blocking gates 
preventing the encryption logic circuitry from 
accessing the laser scribed encryption key, the step of 
5 enabling being performed upon completion of the 
decrypting step. 
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SECURE MEMORY AND PROCESSING SYSTEM HAVING LASER- 
SCRIBED ENCRYPTION KEY 

Abstract of the Disclosure 

5 

A secure memory and processing system is disclosed 
for use in various types of communication devices. The 
secure processing system provides for the encryption 
and storage of sensitive data in a storage medium 

10 external to the secure processing system. The 

encrypted data is decrypted with encryption logic 
circuitry within the secure memory and transferred to a 
zeroizable memory for use by a host processor. The 
secure memory uses a laser-scribed encryption key 

15 coupled to encryption logic circuitry within the secure 
memory for encrypting and decrypting the sensitive 
information. 
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